Email. Online banking. Facebook. Your doctor’s office. These are all places where we rely on encryption to keep the private details of our lives safe. Without encryption, none of these services would be remotely safe to use, and even with encryption breaches are too common. We all want the digital world to be safer, not less secure. That’s why EFF joined the nearly 150 privacy and human rights organizations, technology companies and trade associations, and individual security and policy experts who sent a letter urging President Obama to

reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.

As the letter points out, “Strong encryption is the cornerstone of the modern information economy’s security.” And it’s under threat. Congress is considering incredibly flawed cybersecurity legislation, as well as potential reforms to NSA surveillance that don’t address the NSA’s use of “backdoors”—security flaws engineered into products and services to enable or facilitate government control or access to devices. These backdoors enable access to and warrantless searches of the contents of communications and other data.

The intelligence community has also spent a lot of time fearmongering about the growing use of encryption. Both the FBI and NSA Directors have recently urged companies to install security backdoors into hardware or software. They argue that the growing use of encryption is a serious threat to their investigative abilities.

This isn’t new. We’ve watched the government propose a variety of ways to control encryption techology since 1993, when the Clinton White House introduced the Clipper Chip, a plan for building in hardware backdoors to communications technologies. In 2011, then-FBI General Counsel Valerie Caproni even claimed that the FBI was “going dark” because it couldn’t collect some evidence that courts had authorized it to collect. Of course, that makes no logical sense—a court order is no guarantee that a search or seizure will be successful.

Indeed, former Clinton and Obama administration adviser and privacy and cyberlaw expert Peter Swire pointed out in a 2011 paper that in fact:

We live in a “golden age for surveillance” because investigatory agencies have unprecedented access to information about a suspect. In addition, data mining provides unprecedented tools for identifying suspects.

That remains as true today as it was then—more so in fact. Law enforcement has many investigative tools at hand, and technology that allows them to gather data has been improving for years. And as we, and many others have pointed out, the government can get a warrant, use traditional investigative techniques, or gather data from the vast array of sources available to them in the modern world instead of relying on back doors. Ultimately, the government hasn’t provided any good public evidence that encryption has been a real obstacle.

Yet the government continues to insist that back doors are necessary, ignoring the fact that the protection against criminal and national security threats provided by encryption would be:

undermined by the mandatory insertion of any new vulnerabilities into encrypted devices and services. Whether you call them “front doors” or “back doors”, introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts.

At a time when concerns about computer and network security are high, and weaknesses already abound, it is simply bad policy to create more. And there’s a lot of technical skepticism about the government's suggestion that these vulnerabilities wouldn’t affect everyone. That skepticism is shared by members of Congress who understand these issues. Rep. Ted Lieu, who has bachelor's degree in computer science from Stanford, has said:

It is clear to me that creating a pathway for decryption only for good guys is technologically stupid. You just can't do that.

What’s more, there's an understandable lack of trust in what the government is saying about backdoors, given the evidence that the government deploys security vulnerabilities and its knowledge of them for surveillance purposes. That's on top of the trust deficit from the secret, illegal phone records bulk collection program and other secret programs we've learned about.

It's old news that governments around the world are misusing private company-sold digital surveillance software track and target people for human rights abuses. Recently, Amnesty International reported finding that two prominent Moroccan human rights defenders had been targeted using Israeli-based NSO Group’s software. Just this week WhatsApp sued...

When it comes to guns, nearly everyone has strong views. When it comes to Internet publication of 3D printed guns, those strong views can push courts and regulators into making hasty, dangerous legal precedents that will hurt the public's ability to discuss legal, important, and even urgent topics ranging from...

Today, the the Trump Administration announced the decertification of the Iranian nuclear deal agreed by the previous administration. It's the strongest sign of many showing that the U.S. government intends to take a new and more confrontational line against Iran.
But long before the decertification, tech companies were making...

Cisco custom-built the so-called “Great Firewall of China,” also known as the “Golden Shield.” This system enables the Chinese government to conduct Internet surveillance and censorship against its citizens. As if that weren’t bad enough, company documents also revealed that, as part of its marketing pitch to China and in...

“We think that trying to craft a regulatory definition that would capture offensive tools only while leaving defensive tools freely available is not possible,” Nate Cardozo, a staff attorney at the Electronic Frontier Foundation told The Hill. “We think it’s a fool’s errand to even try.”

“We think that trying to craft a regulatory definition that would capture offensive tools only while leaving defensive tools freely available is not possible,” Nate Cardozo, a staff attorney at the Electronic Frontier Foundation told The Hill. “We think it’s a fool’s errand to even try.”

This week, the U.S. Department of State’s Defense Trade Advisory Group (DTAG) met to decide whether to classify “cyber products” as munitions, placing them in the same export control regime as hand grenades and fighter planes. Thankfully, common sense won out and the DTAG recommended that “cyber products” not be...

Stanford, California—On Wednesday, October 21, at 12:45 pm, the Electronic Frontier Foundation (EFF) will urge a federal appeals court to order the U.S. government to disclose information about its role in facilitating exports of American-made surveillance tools to foreign nations. The hearing is part of a Freedom of Information Act...